A conventional processing system, such as system 100 shown in FIG. 1a, may include hardware resources, such as microprocessor 105 and system memory 115, as well as software resources, such as an operating system (OS) and one or more end-user programs or applications. When booting a computer system, the OS is usually loaded before any of the end-user programs or applications and serves as an intermediary between the software applications and hardware in the computer system.
In addition to system memory and one or more microprocessors, a processing system may also include a trusted platform module (TPM) 120. A TPM is a hardware component that resides within a processing system and provides various facilities and services for enhancing the security of the processing system. For example, a TPM may be used to protect data and to attest to the configuration of a platform. The sub-components of a TPM may include an execution engine and secure non-volatile (NV) memory or storage. The secure NV memory is used to store sensitive information, such as encryption keys, and the execution engine protects the sensitive information according to the security policies to be implemented by the TPM.
A TPM may be implemented in accordance with specifications such as the Trusted Computing Group (TCG) TPM Specification Version 1.2, dated Oct. 2, 2003 (hereinafter the “TPM specification”), which includes parts such as Design Principles, Structures of the TPM, and TPM Commands. The TPM specification is published by the TCG and is available from the Internet at the Trusted Computing Group website (trustedcomputinggroup(dot)org).
In general, a TCG-compliant TPM provides security services such as attesting to the identity and/or integrity of the platform, based on characteristics of the platform. The platform characteristics typically considered by a TPM include hardware components of the platform, such as the processor(s) and chipset, as well as the software residing in the platform, such as the firmware and OS. A TPM may also support auditing and logging of software processes, as well as verification of platform boot integrity, file integrity, and software licensing. It may therefore be said that a TPM provides a root of trust for a platform. Accordingly, a third party may implement security policies which require requesting systems to provide TPM-based platform attestation. For instance, the third party may configure a server to deny client requests unless those requests are accompanied by valid, TPM-based platform attestation from the client systems, that is, attestation that is signed by a key the server trusts, that is fresh with respect to a challenge the server issued, and that reports a platform configuration the server accepts.
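The attestation policy described above, as an added example in Go that is not part of this document or of any TCG code: the platform extends PCRs with measurements of its firmware and OS loader, produces a quote over the selected PCRs and a challenger-supplied nonce signed with an attestation identity key (AIK), and the server rejects any quote that is not signed by the AIK it trusts, that does not carry the nonce it issued, or whose PCR values differ from a known-good set. The PCR extend rule (SHA-1 over the old register value and the measurement) and the use of RSA PKCS#1 v1.5 with SHA-1 follow TPM 1.2 conventions; the quote digest layout, the function names, the firmware and loader images and the nonce are simplifications constructed for this example, not the TPM specification's exact TPM_QUOTE_INFO encoding.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

const pcrSize = sha1.Size // TPM 1.2 PCRs are 20-byte SHA-1 registers

// PCRBank is a small bank of PCRs (a real TPM 1.2 has 24; 8 is enough here).
type PCRBank [8][pcrSize]byte

// Extend is the one-way PCR update of TPM 1.2: PCR[i] = SHA-1(PCR[i] || measurement).
func (b *PCRBank) Extend(index int, measurement []byte) {
	h := sha1.New()
	h.Write(b[index][:])
	h.Write(measurement)
	copy(b[index][:], h.Sum(nil))
}

// Quote is the attestation evidence a platform returns to a challenger.
type Quote struct {
	Selection []int           // reported PCR indices
	PCRs      [][pcrSize]byte // their values, in Selection order
	Nonce     []byte          // challenger-supplied freshness value
	Sig       []byte          // AIK signature over quoteDigest
}

// quoteDigest is a simplified TPM_QUOTE_INFO (assumption, not the spec's exact encoding):
// SHA-1("QUOT" || SHA-1(count || (index || value)*) || nonce).
func quoteDigest(sel []int, pcrs [][pcrSize]byte, nonce []byte) []byte {
	comp := sha1.New()
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(pcrs)))
	comp.Write(n[:])
	for i, v := range pcrs {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(sel[i]))
		comp.Write(idx[:])
		comp.Write(v[:])
	}
	h := sha1.New()
	h.Write([]byte("QUOT"))
	h.Write(comp.Sum(nil))
	h.Write(nonce)
	return h.Sum(nil)
}

// GenerateAIK makes a stand-in attestation identity key (2048-bit RSA, as TPM 1.2 AIKs are).
func GenerateAIK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// MakeQuote is the platform side: report the selected PCRs and sign them with the nonce.
func MakeQuote(aik *rsa.PrivateKey, bank *PCRBank, sel []int, nonce []byte) (*Quote, error) {
	q := &Quote{Selection: sel, Nonce: nonce}
	for _, i := range sel {
		if i < 0 || i >= len(bank) {
			return nil, fmt.Errorf("pcr index %d out of range", i)
		}
		q.PCRs = append(q.PCRs, bank[i])
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, aik, crypto.SHA1, quoteDigest(sel, q.PCRs, nonce))
	if err != nil {
		return nil, err
	}
	q.Sig = sig
	return q, nil
}

// VerifyQuote is the server-side policy: the nonce must be the one the server issued, the
// signature must verify under the trusted AIK, and every reported PCR must equal its golden value.
func VerifyQuote(aikPub *rsa.PublicKey, q *Quote, issuedNonce []byte, golden map[int][pcrSize]byte) error {
	if !bytes.Equal(q.Nonce, issuedNonce) {
		return errors.New("stale or replayed quote: nonce mismatch")
	}
	if len(q.Selection) != len(q.PCRs) {
		return errors.New("malformed quote: selection/value count mismatch")
	}
	d := quoteDigest(q.Selection, q.PCRs, q.Nonce)
	if err := rsa.VerifyPKCS1v15(aikPub, crypto.SHA1, d, q.Sig); err != nil {
		return errors.New("quote signature invalid: not signed by trusted AIK")
	}
	for i, idx := range q.Selection {
		want, ok := golden[idx]
		if !ok {
			return fmt.Errorf("PCR %d not covered by policy", idx)
		}
		if want != q.PCRs[i] {
			return fmt.Errorf("PCR %d does not match known-good configuration", idx)
		}
	}
	return nil
}

// BootPlatform measures constructed firmware and OS loader images into PCR 0 and PCR 1.
func BootPlatform(firmware, osLoader []byte) PCRBank {
	var bank PCRBank
	bank.Extend(0, firmware)
	bank.Extend(1, osLoader)
	return bank
}

func main() {
	aik, _ := GenerateAIK()
	good := BootPlatform([]byte("fw-1.0"), []byte("loader-1.0")) // constructed sample images
	golden := map[int][pcrSize]byte{0: good[0], 1: good[1]}
	nonce := []byte("server-nonce-0001") // a real server draws this from a CSPRNG per request
	q, _ := MakeQuote(aik, &good, []int{0, 1}, nonce)
	fmt.Println("known-good platform:", VerifyQuote(&aik.PublicKey, q, nonce, golden))
	bad := BootPlatform([]byte("fw-1.0"), []byte("loader-modified"))
	q2, _ := MakeQuote(aik, &bad, []int{0, 1}, nonce)
	fmt.Println("modified loader:", VerifyQuote(&aik.PublicKey, q2, nonce, golden))
}
```

The three checks are deliberately ordered so that a replayed quote is rejected before any signature work is done, and a quote signed by a key other than the enrolled AIK fails even when its PCR values happen to be correct; a server that only compared PCR values could be satisfied by any client that knew the golden hashes.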
However, including the TPM as a separate hardware component on every platform is potentially expensive. As the demand for less expensive platforms and computers continues to grow, eliminating component cost within a system, such as the cost of including a separate TPM component in every system, becomes an ever-growing consideration.
Turning to FIG. 1b, an example of a current secure launch timeline 140 within a computer system, such as system 100 illustrated in FIG. 1a, is shown. Usually, some secure initialization instruction, such as a secure-enter (SENTER) instruction 160, is issued. Typically, after issuance of SENTER 160, system management interrupts (SMIs) 168 are blocked, because it is unknown at that time whether the system management mode (SMM) code used to handle SMIs 168 may be trusted. Although this potentially ensures a high trust level, it comes at the price of an extra component within the platform, in cases where a lower level of trust may be sufficient.